Running Snort 18.104.22.168 pkg v. 2.5.1
In trying to track down the possible source for the whitelist issue I am running into, a review of the code in snort_interfaces_whitelist_edit.php indicates that "is_alias" is checked immediate prior to the error I am seeing.
$input_errors = "A valid alias need to be provided";
The error in red is what I am getting when I try to edit/save an existing whitelist, or try to create and save a new one.
I can actually create and save a new whitelist with a blank listing of IP's or an entry of "0" in the address field. Other entries such as 192.168.0.1 generate an error.
A search of "snort.inc" shows "is_alias" checking the snort.conf file, and $HOME_NET is listed in the snort.conf.
For $HOME_NET - I was unable to see an obvious place to set this in the snort gui, so I edited the snort.conf file adding:
ipvar HOME_NET [192.168.0.1/24,192.168.0.2/24]
"snort.inc" contains code that looks like it builds the $HOME_NET variable from the interface subnets and that seems the logical approach, so changing the snort.conf file may be redundant (or counterproductive).
Should it be necessary to manual edit the snort.conf file, and if so, is the syntax in bold above syntax valid? What is the best way to check for the value of $HOME_NET?
I know that is probably a very basic question, but I'm looking for anything that might be triggering the whitelist update error I am seeing when I try to update or create a whitelist.
This error began when I updated to 2.5.1. My update process was: ensure the save setting box was checked within the snort gui; uninstall the package ("Remove this package" from the package manager gui); then install the new snort package. If a more thorough removal/reinstall process is recommended, details would be appreciated.
Suggestions are welcome.